Central authentication and identity attribute retrieval are granted only by request. If approved, the individual application is assigned a credential for accessing the LDAP Registry. That credential is created with an Access Control List (ACL) within the Registry that limits what data items the application can read, write or query.
Access to the LDAP Registry must be requested, justified, granted, and acknowledged.
- The application administrative and technical contacts complete a detailed request form and send it to ISA.
- Northwestern IT assesses the security environment described in the request and obtains clarification as needed.
- If the request involves retrieval of identity attributes, Northwestern IT forwards the request to the appropriate custodian of that data for approval to release the information to the requester. The data custodian may discuss the request directly with the requester.
- If the request is approved by all reviewers, then the administrative contact signs an agreement form acknowledging that the information being released will be used solely for the purpose described in the request. This document is countersigned by the data custodian and kept on file.
- Northwestern IT creates the application's unique credentials and ACL to complete the request.
Documentation